Skip to content

[DNM] [nrf mergeup] merge upsteram up to commit 9686e70 #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nvlsianpu merged 29 commits into from
Jul 1, 2019
Merged

[DNM] [nrf mergeup] merge upsteram up to commit 9686e70 #43

nvlsianpu merged 29 commits into from
Jul 1, 2019

Conversation

@nvlsianpu
Copy link
Contributor

@nvlsianpu nvlsianpu commented Jun 27, 2019
edited
Loading

reverted commits which were present in the upstream:
aebd4b9 [nrf fromlist] boot: serial recovery: Add pca10090 default detect pin
4ef858c [nrf toup] boot: zephyr: Update USB CDC ACM device name

content:

  • Fix double swap on interrupted revert
  • RSA-3072 signature support
  • ED-25519 signature support
  • other minor fixes

utzig and others added 26 commits April 17, 2019 18:12
@utzig
Add pkgpath to Mynewt key_files
63ae7de 
This allows the CI targets to be built if MCUBoot is a dependency of
other repos as well as current local package only build support.

Signed-off-by: Fabio Utzig <utzig@apache.org>
@andvib @nvlsianpu
boot: serial recovery: Add pca10090 default detect pin
704b8ba 
Add button 1 as default serial detect pin for nrf9160_pca10090

Signed-off-by: Andreas Vibeto <andreas.vibeto@nordicsemi.no>
@utzig
Add Mynewt specific release information
e1727d9 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add Mynewt RSA-3072 config
61f86fd 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add Zephyr config for RSA-3072
105b59a 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add bootutil support for RSA-3072
3501c01 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add RSA-3072 support to imgtool
19fd79a 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add simulator support for RSA-3072 sigs
3929743 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Run RSA-3072 feature on travis-ci
2dc9f8f 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@Qbicz @nvlsianpu
boot: zephyr: Update USB CDC ACM device name
db6be2d 
Follow the device name changes in Zephyr.

Signed-off-by: Filip Kubicz <filip.kubicz@nordicsemi.no>
@jli157 @nvlsianpu
bugfix: disable usb for all usb funcs
01bef71 
USB should be disabled if any usb func is enabled.

fix nrfconnect#477

Signed-off-by: Jun Li <jun.r.li@intel.com>
@utzig
Newt master now requires go 1.11
05b594b 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add new verify command
4a5477a 
imgtool verify -k <some-key.(pub|sec)> <img-file>

Allow imgtool to validate that an image has a valid sha256sum and that
it was signed by the supplied key.

NOTE: this does not yet support verifying encrypted images

Signed-off-by: Fabio Utzig <utzig@apache.org>
@ccollins476ad
Use same format for scratch and slot trailer
2adef70 
Prior to this change, the scratch image trailer had a different format
from a slot image trailer.  Specifically:

1. The scratch trailer only contained a single set of status entries
   (three bytes); the slot trailer contained `BOOT_STATUS_MAX_ENTRIES`
   sets of status entries.

2. The scratch trailer did not contain the `copy_done` field.

This inconsistency required some extra conditional logic in the trailer
handling code.  It is simpler to just use the same trailer format
everywhere.

This commit removes this inconsistency.  Now, the scratch trailer
structure is identical to that of the slot trailer.

Signed-off-by: Christopher Collins <ccollins@apache.org>
@ccollins476ad
Add some more debug logging
2c88e69 
Signed-off-by: Christopher Collins <ccollins@apache.org>
@ccollins476ad
Fix double swap on interrupted revert
a1c1204 
This fixes nrfconnect#480.

When mcuboot rewrites image trailers during a swap, some information is
lost.  If a reset occurs before the swap completes, mcuboot may not be
able to determine what which swap type to resume upon startup.
Specifically, if a "revert" swap gets interupted, mcuboot will perform
an extraneous swap on the subsequent boot.  See
mcu-tools/mcuboot#480 for details.

This commit adds an additional field to the image trailer: `swap-type`.
The new trailer structure is illustrated below:

```
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                                                               ~
    ~    Swap status (BOOT_MAX_IMG_SECTORS * min-write-size * 3)    ~
    ~                                                               ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                 Encryption key 0 (16 octets) [*]              ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                 Encryption key 1 (16 octets) [*]              ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Swap size           |    0xff padding (4 octets)    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Swap type   |           0xff padding (7 octets)             ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Copy done   |           0xff padding (7 octets)             ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Image OK    |           0xff padding (7 octets)             ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    ~                       MAGIC (16 octets)                       ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
```

The `swap-type` field contains one of the `BOOT_SWAP_TYPE_[...]` constants.
Every time a trailer is written, this field is written along with it.
When resuming an interrupted swap, mcuboot uses this field alone to
determine the type of swap being resumed. For new swap operations
(non-resume case), this field is not read at all; instead, mcuboot
consults the `boot_swap_tables` array to determine the swap operation to
perform (as it did prior to this commit).

Some additional changes were necessary to make all the simulated unit
tests pass:

* Before initiating a new swap operation, always write the image trailer
to the scratch area.  This step allows mcuboot to persist the
`swap-type` field somewhere before erasing the trailer in the primary
slot.  If a reset occurs immediately after the erase, mcuboot recovers
by using the trailer in the scratch area.

* Related to the above: if the scratch area is being used to hold status
bytes (because there are no spare sectors in the primary slot), erase
the scratch area immediately after the trailer gets written to the
primary slot.  This eliminates ambiguity regarding the location of the
current trailer in case a reset occurs shortly afterwards.

Signed-off-by: Christopher Collins <ccollins@apache.org>
@utzig @ccollins476ad
Increase size of swap testing images
28d012c 
Make images slightly larger to allow more swap status metadata to be
written to flash, to increase amount of debugging info and possibility
of failures on random write fails.

Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Christopher Collins <ccollins@apache.org>
@utzig @ccollins476ad
Add interruption at revert step of a test+revert
fc07eab 
This extends the test+revert case with an interruption on the revert
stage, as it was previously only interrupted on the test stage. For
simplicity the interruption happens on the same interruption point for
both test and revert stages.

Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Christopher Collins <ccollins@apache.org>
@utzig
Add ed25519 signing support to imgtool
8101d1f 
This adds ed25519 signature support using the "prehash" method. Instead
of using the direct contents of the image and header payloads, a sha256
is generated and signed (SHA256-Ed25519). This allows for compatibility
with already existing tools that use the sha256 hash, like mcumgr, etc.

Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add third_party/fiat from boringssl
705dfb3 
This adds the boringssl version of fiat-crypto. The version bundled here
had most if its non-used code removed, like signing, X25519 curve
operations not required by verification, etc.

Under boringssl tree, fiat can be found in third_party/fiat. The version
included here comes from a boringssl tree where the last commit is
f109f2087349712d3ac717d15fab48e130618110.

Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add Zephyr infrastructure for ed25519
1171df9 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add Mynewt ed25519 support
a1e8e43 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add bootutil support for ed25519 validation
4876484 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add ed25519 verification to sim
9771028 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@utzig
Add ed25519 test to travis-ci
3c469bc 
Signed-off-by: Fabio Utzig <utzig@apache.org>
@nvlsianpu
requirements.txt: bump cryptography Py package version
9686e70 
Since Ed25519 curve primitives are available since cryptography package
version 2.6 need to bump its version.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
@nvlsianpu nvlsianpu mentioned this pull request Jun 27, 2019
Merged
@NordicBuilder
Copy link

NordicBuilder commented Jun 27, 2019
edited
Loading

Found the following issues, please fix and resubmit:

Gitlint issues

Commit 3c469bc:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add ed25519 test to travis-ci"
1: UC6 Body has no content, should at least have 1 line.

Commit 9771028:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add ed25519 verification to sim"
1: UC6 Body has no content, should at least have 1 line.

Commit 4876484:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add bootutil support for ed25519 validation"
1: UC6 Body has no content, should at least have 1 line.

Commit a1e8e43:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add Mynewt ed25519 support"
1: UC6 Body has no content, should at least have 1 line.

Commit 1171df9:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add Zephyr infrastructure for ed25519"
1: UC6 Body has no content, should at least have 1 line.

Commit 705dfb3:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add third_party/fiat from boringssl"

Commit 8101d1f:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add ed25519 signing support to imgtool"

Commit fc07eab:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add interruption at revert step of a test+revert"

Commit 28d012c:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Increase size of swap testing images"

Commit a1c1204:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Fix double swap on interrupted revert"
39: UC4 Line exceeds max length (75>72): "The swap-type field contains one of the BOOT_SWAP_TYPE_[...] constants."

Commit 2c88e69:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add some more debug logging"
1: UC6 Body has no content, should at least have 1 line.

Commit 2adef70:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Use same format for scratch and slot trailer"

Commit 4a5477a:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add new verify command"

Commit 05b594b:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Newt master now requires go 1.11"
1: UC6 Body has no content, should at least have 1 line.

Commit 2dc9f8f:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Run RSA-3072 feature on travis-ci"
1: UC6 Body has no content, should at least have 1 line.

Commit 3929743:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add simulator support for RSA-3072 sigs"
1: UC6 Body has no content, should at least have 1 line.

Commit 19fd79a:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add RSA-3072 support to imgtool"
1: UC6 Body has no content, should at least have 1 line.

Commit 3501c01:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add bootutil support for RSA-3072"
1: UC6 Body has no content, should at least have 1 line.

Commit 105b59a:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add Zephyr config for RSA-3072"
1: UC6 Body has no content, should at least have 1 line.

Commit 61f86fd:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add Mynewt RSA-3072 config"
1: UC6 Body has no content, should at least have 1 line.

Commit e1727d9:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add Mynewt specific release information"
1: UC6 Body has no content, should at least have 1 line.

Commit 63ae7de:
1: UC3 Title does not follow [subsystem]: [subject] (and should not start with literal subsys:): "Add pkgpath to Mynewt key_files"

nvlsianpu added 3 commits June 28, 2019 09:21
@nvlsianpu
Revert "[nrf fromlist] boot: serial recovery: Add pca10090 default de…
1adffdb 
…tect pin"

This reverts commit aebd4b9.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
@nvlsianpu
Revert "[nrf toup] boot: zephyr: Update USB CDC ACM device name"
c294b54 
This reverts commit 4ef858c.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
@nvlsianpu
[nrf mergeup] merge upsteram up to commit 9686e70
951bb36 
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
@nvlsianpu
Copy link
Contributor Author

nvlsianpu commented Jun 28, 2019

cc @sigvartmh

@nvlsianpu
Copy link
Contributor Author

nvlsianpu commented Jun 28, 2019

gitlint issues are inherited form the upsteram.

rlubos
rlubos approved these changes Jul 1, 2019
View reviewed changes
Copy link
Contributor

@rlubos rlubos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested with http_application_update, seems to work fine.

@nvlsianpu nvlsianpu merged commit 951bb36 into nrfconnect:master Jul 1, 2019
nvlsianpu added a commit to nvlsianpu/fw-nrfconnect-nrf that referenced this pull request Jul 1, 2019
@nvlsianpu
manifest: update reference to include upmerged mcuboot
27104a0 
Thanks to above head of
nrfconnect/sdk-mcuboot#43
will be used.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
nvlsianpu added a commit to nrfconnect/sdk-nrf that referenced this pull request Jul 2, 2019
@nvlsianpu
manifest: update reference to include upmerged mcuboot
ffd48bf 
Thanks to above head of
nrfconnect/sdk-mcuboot#43
will be used.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
jfischer-no pushed a commit to jfischer-no/sdk-mcuboot that referenced this pull request Jan 20, 2021
@nvlsianpu
Merge: synchronized up to mcu-tools/mcuboot@ce50334
3f49b5a 
Synch up to:
mcu-tools/mcuboot@ce50334

merged by GitHub GUI nrfconnect#43

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rlubos rlubos rlubos approved these changes

@mbolivar mbolivar Awaiting requested review from mbolivar

@carlescufi carlescufi Awaiting requested review from carlescufi

@SebastianBoe SebastianBoe Awaiting requested review from SebastianBoe

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@nvlsianpu @NordicBuilder @rlubos @utzig @andvib @Qbicz @jli157 @ccollins476ad